A financially motivated threat group called Storm-2755 has launched a campaign that quietly reroutes employee salary payments to attacker-controlled bank accounts. Targeting Canadian workers, the group uses adversary-in-the-middle (AiTM) techniques to hijack authenticated sessions and bypass multi-factor authentication (MFA), in…
Tag: Cyber Security News
EngageSDK Vulnerability Exposes Millions of Crypto Wallet Users to Cyberattacks
A serious security flaw found inside a widely used Android library called EngageSDK has put over 30 million cryptocurrency wallet users at risk of financial theft and personal data exposure. The vulnerability, described as an intent redirection flaw, allowed malicious…
Censys Warns 5,219 Rockwell/Allen-Bradley PLCs Are Exposed Amid Iranian APT Activity
The FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command jointly disclosed on April 7, 2026, that Iranian-affiliated advanced persistent threat (APT) actors are actively targeting internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs). These industrial devices are widely used in…
Hackers Use Fake BTS World Tour Ticket Sites to Scam Fans Across Multiple Countries
Cybercriminals are capitalizing on the excitement around BTS’s long-awaited return to the world stage by setting up fraudulent ticket websites that steal money from unsuspecting fans. The campaign has already reached fans across nine countries, making it one of the…
Multiple TP-Link Vulnerabilities Allow Attackers to Seize Control of the Device
Cybersecurity researchers have identified five distinct security flaws in the TP-Link Archer AX53 v1.0 router. Tracked under multiple CVE identifiers, these vulnerabilities impact the router’s core modules, including OpenVPN, dnsmasq, and tmpServer. When exploited, these flaws allow attackers on the…
MuddyWater Turns to Russian Malware-as-a-Service in New ChainShell Campaign
Iranian state-backed hacking group MuddyWater has made a decisive operational shift, adopting a Russian-built Malware-as-a-Service platform to power a new campaign against Israeli targets. The operation, built around a previously unknown tool called ChainShell, marks a clear departure from the…
Trojanized OpenVSX Extension Spreads GlassWorm Across VS Code, Cursor, and Windsurf
A fake developer extension published on the OpenVSX marketplace is silently spreading a known malware strain called GlassWorm to every code editor installed on a developer’s machine. The malicious package disguises itself as a legitimate productivity tool and uses a…
CPUID Website Compromised to Deliver Weaponized HWMonitor and CPU-Z Tools
The cpuid-dot-com website, home to widely used system utilities CPU-Z and HWMonitor, is at the center of an active supply chain security incident. Users downloading HWMonitor 1.63 or CPU-Z ZIPs since early April have reportedly received trojanized installers capable of…
AWS Patches Critical RCE and Escalate Privileges in Research and Engineering Studio
Amazon Web Services (AWS) has released an important security bulletin addressing three severe vulnerabilities in its Research and Engineering Studio (RES). These flaws could allow authenticated attackers to execute arbitrary commands as root and escalate privileges within a targeted cloud…
WhatsApp Introduces Username Feature for Connecting Without Sharing Phone Numbers
WhatsApp is preparing to roll out a long-anticipated username feature that will allow users to communicate without ever revealing their phone numbers, a significant privacy upgrade for one of the world’s most widely used messaging platforms. First spotted by WABetaInfo…
New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection
A newly discovered remote access trojan called STX RAT has emerged as a serious cybersecurity threat in 2026, combining hidden remote desktop access with credential-stealing features to quietly compromise targeted machines. The malware gets its name from the Start of…
Hackers Use ClickFix and Malicious DMG Files to Deliver notnullOSX on macOS
A new macOS info-stealer named notnullOSX has surfaced, targeting crypto holders with wallets above $10,000. Written in Go, it uses two parallel attack paths — ClickFix social engineering and malicious DMG disk image files — to silently compromise Apple Mac…
New ClickFix Campaign Uses macOS Script Editor to Deliver Atomic Stealer
A newly discovered ClickFix campaign is targeting macOS users through a technique that completely bypasses Terminal, using Script Editor to drop the Atomic Stealer infostealer onto compromised systems. This campaign marks a clear shift in how attackers are responding to…
Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation Attacks
SonicWall has released a critical security advisory addressing four vulnerabilities affecting its Secure Mobile Access (SMA) 1000 series appliances. These security flaws could allow remote attackers to escalate privileges, bypass multi-factor authentication, and enumerate user credentials. The most severe vulnerability…
GitLab Patches Multiple Vulnerabilities That Enables DoS and Code Injection Attacks
GitLab has released urgent security updates (versions 18.10.3, 18.9.5, and 18.8.9) for its Community Edition (CE) and Enterprise Edition (EE) to address high-severity flaws that enable Denial-of-Service (DoS) and code-injection attacks. GitLab strongly advises all administrators of self-managed systems to…
CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added this flaw, tracked as CVE-2026-1340, to its Known Exploited Vulnerabilities (KEV) catalog after…
Hackers Impersonate Linux Foundation Leader in Slack to Target Open Source Developers
Open source developers are facing a growing and sophisticated threat — one that does not rely on complex exploits or hidden vulnerabilities but instead uses something far simpler: trust. A social engineering campaign is actively targeting developers through Slack, where…
Hackers Use Fake Security Software to Deliver LucidRook Malware in Taiwan Attacks
A newly identified malware called LucidRook has been spotted targeting organizations across Taiwan, hiding inside what appears to be legitimate security software. The attackers went out of their way to make it look convincingly real, forging the icon and application…
Hackers Claim to Have Stolen 10 Petabytes of Data from China’s Tianjin Supercomputer Center
Hackers are claiming that one of China’s most strategically important computing facilities suffered a massive cyber intrusion, with more than 10 petabytes of sensitive information allegedly taken from a state-run supercomputing environment that experts suspect is the National Supercomputing Center…
New Silver Fox Campaign Hides ValleyRAT Inside Fake Telegram Chinese Language Pack Installer
A new malware campaign linked to the Silver Fox APT group has been discovered, using a fake Telegram Chinese language pack installer to secretly deliver ValleyRAT — a powerful remote access trojan — onto targeted machines. The malicious file, disguised…